CVE-2017-14107

Priority
Description
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
mishandles EOCD records, which allows remote attackers to cause a denial of
service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a
crafted ZIP archive.
Ubuntu-Description
It was discovered that libzip mishandled certain malformed ZIP archives. An
attacker could use this vulnerability to cause a denial of service.
Package
Upstream: released (1.3.0+dfsg.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): not-affected (1.5.1-0ubuntu1)
Ubuntu 19.10 (Eoan): not-affected (1.5.1-0ubuntu1)
Patches:
Upstream: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
Package
Source: php5
Upstream: released (5.6.33+dfsg-0+deb8u1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567

Updated: 2019-09-19 14:37:03 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)